page.unload = function () {
map.removeLayer(group);
map.off("moveend", update);
+ map.off("zoomend", updateBounds);
};
return page;
helper_method :oauth_token
def self.allow_thirdparty_images(**options)
- content_security_policy(options) do |policy|
+ content_security_policy(**options) do |policy|
policy.img_src("*", :data)
end
end
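Review bot: `allow_thirdparty_images` has no comment saying what it relaxes, and `policy.img_src("*", :data)` lets the browser fetch images from any host on every action that opts in. If those pages render user-supplied markup, as the method name suggests, a viewer's IP address and request headers reach whatever host the author embedded. I would add a comment above the method such as `# Relaxes img-src to any host plus data: URIs; opt in per action with :only and keep the list minimal.` The `**options` forwarding itself looks right for keyword arguments.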
before_action :lookup_user, :only => :index
before_action :check_database_writable, :only => [:create, :hide, :unhide]
- allow_thirdparty_images :only => :index
+ allow_thirdparty_images :only => [:index, :create]
def index
@title = t ".title", :user => @user.display_name
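Review bot: The widened list `:only => [:index, :create]` carries no explanation of why a write action needs the third-party image relaxation. Presumably a failed `create` re-renders a page that embeds user content, which the added `assert_template :new` check elsewhere in this change points to. A short comment such as `# create re-renders user content on validation failure, so it needs the same img-src as the page it redisplays` would stop a later reader from dropping it or extending the list to further actions. The controller body continues outside the hunk, so whether `create` actually renders user-authored HTML cannot be confirmed from here.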
elsif @message.save
flash[:notice] = t ".message_sent"
UserMailer.message_notification(@message).deliver_later if @message.notify_recipient?
- redirect_to messages_inbox_path
+ redirect_to messages_outbox_path
else
@title = t "messages.new.title"
render :action => "new"
end
assert_response :success
assert_template :new
+ assert_match(/img-src \* data:;/, @response.headers["Content-Security-Policy-Report-Only"])
# Now try again with the right id
assert_difference "ActionMailer::Base.deliveries.size", entry.subscribers.count do
end
end
end
- assert_redirected_to messages_inbox_path
+ assert_redirected_to messages_outbox_path
assert_equal "Message sent", flash[:notice]
e = ActionMailer::Base.deliveries.first
assert_equal [recipient_user.email], e.to
get user_new_path, :params => { :cookie_test => "true" }
assert_response :success
+ assert_no_match(/img-src \* data:;/, @response.headers["Content-Security-Policy-Report-Only"])
+
assert_select "html", :count => 1 do
assert_select "head", :count => 1 do
assert_select "title", :text => /Sign Up/, :count => 1
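Review bot: The added `assert_no_match` on the sign-up page passes vacuously when the `Content-Security-Policy-Report-Only` header is absent, because matching the regexp against `nil` yields no match. If the test environment ever serves the enforcing `Content-Security-Policy` header instead, or no CSP header at all, this check stops proving that the wildcard `img-src` is withheld from the page. Pin the header first, for example `csp = @response.headers["Content-Security-Policy-Report-Only"]` followed by `assert_not_nil csp` and `assert_no_match(/img-src \* data:;/, csp)`. The `assert_match` checks added in the other test hunks fail on a missing header, so only this negative assertion needs the guard. The test method continues outside the hunk.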
get user_path(user)
assert_response :success
+ assert_match(/img-src \* data:;/, @response.headers["Content-Security-Policy-Report-Only"])
assert_select "div.content-heading" do
assert_select "a[href^='/user/#{ERB::Util.u(user.display_name)}/history']", 1
assert_select "a[href='/user/#{ERB::Util.u(user.display_name)}/traces']", 1